merge-vex
Deprecated
The merge-vex command will be superseded by a new vex command in a future version. For further information refer to the discussion.
This command requires two input files, an SBOM and a VEX file, that shall be merged. The VEX file needs to be compatible with the SBOM.
If the SBOM does not contain a VEX file, the VEX file is simply added to the SBOM.
If the SBOM already contains a VEX section, the two VEX files are merged uniquely. In the case of duplicate entries, the ratings will be merged. Should two ratings of the same method contain a different rating, the newer one will be kept.
usage: cdx-ev merge-vex [-h] [--output <file>] <sbom_file> <vex_file>
Positional Arguments
- <sbom_file>
Path to SBOM file to merge. The first file is assumed to be the SBOM, the second the VEX file.
- <vex_file>
Path to VEX file to merge. The first file is assumed to be the SBOM, the second the VEX file.
Named Arguments
- --output, -o
The path to where the output should be written. If this is a file, output is written there. If it’s a directory, output is written to a file with an auto-generated name inside that directory. If it’s not specified, output is written to stdout.
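The merge rule described at the top of this page, sketched in Python as an added example (not cdx-ev's own code). It assumes duplicate entries are matched by the vulnerability `id` and that "newer" is decided by the entry's `updated` timestamp; the function names and sample documents are constructed for illustration.

```python
import copy
from datetime import datetime, timezone

def _updated(vuln):
    """Timestamp used to decide which entry is newer (assumption: `updated`)."""
    ts = vuln.get("updated")
    if not ts:
        return datetime.min.replace(tzinfo=timezone.utc)
    dt = datetime.fromisoformat(ts.replace("Z", "+00:00"))
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)

def merge_ratings(a, b):
    """One rating per method; on conflict the rating from the newer entry wins."""
    older, newer = sorted((a, b), key=_updated)  # stable: on a tie, b wins
    by_method = {}
    for vuln in (older, newer):
        for rating in vuln.get("ratings", []):
            by_method[rating.get("method")] = rating
    return list(by_method.values())

def merge_vex(sbom, vex):
    """Return a copy of `sbom` with the vulnerabilities of `vex` merged in."""
    merged = copy.deepcopy(sbom)
    existing = merged.setdefault("vulnerabilities", [])
    index = {v.get("id"): v for v in existing}
    for vuln in copy.deepcopy(vex.get("vulnerabilities", [])):
        current = index.get(vuln.get("id"))
        if current is None:   # not in the SBOM yet: simply add it
            existing.append(vuln)
            index[vuln.get("id")] = vuln
        else:                 # duplicate entry: merge the ratings only
            current["ratings"] = merge_ratings(current, vuln)
    return merged

# Constructed sample documents (identifiers are placeholders, not real advisories).
SBOM = {"bomFormat": "CycloneDX", "vulnerabilities": [
    {"id": "EXAMPLE-0001", "updated": "2023-01-10T00:00:00Z", "ratings": [
        {"method": "CVSSv2", "score": 5.0},
        {"method": "CVSSv31", "score": 7.5}]}]}
VEX = {"bomFormat": "CycloneDX", "vulnerabilities": [
    {"id": "EXAMPLE-0001", "updated": "2024-03-01T00:00:00Z", "ratings": [
        {"method": "CVSSv31", "score": 9.8}]},
    {"id": "EXAMPLE-0002", "updated": "2024-03-01T00:00:00Z", "ratings": [
        {"method": "CVSSv31", "score": 4.3}]}]}

if __name__ == "__main__":
    import json
    print(json.dumps(merge_vex(SBOM, VEX), indent=2))
```

Comparing the merged ratings against the severity thresholds used for triage is worthwhile before accepting the output, since a newer rating can lower a score as well as raise it.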